A little now and then, maybe a few times per month, there’s some institute or company that calls: ”Hello, do you want to participate in a survey on *insert subject*, it’s anonymous and will be used to make statistics”. I’m somewhat annoyed by that promise of anonymity, since the surveys often regard sensitive stuff like political opinions, and I know that anonymity is a brittle thing.

This post is about how sharing personal information – voluntarily or unknowingly – through social media, apps, gadgets, and other means, may jeopardize that anonymity.

This is a thought experiment: Imagine that you are very cautious about who you tell how much you weigh. However, you also want to do something about your weight, so you have bought an Internet-connected scale, which uploads your weight to an account on a ”cloud” (someone else’s server) and presents it to you as a nice graph, as well as digits down to the hundredths of a gram. Not that the scale itself is that precise, but it looks good… Your account is only registered by nickname and password, not even your true email. After using said scale in the morning as usual, you go to your home-gym and turn Spotify on (for which you had to identify yourself to register) for some training music, but after a dozen song lengths of training, the telephone rings: ”Hello, do you want to participate in a survey on the link between music preferences and weight? It’s anonymous and will be used to make a report with statistics”.

Well, you assume that the statistics need some extremes too, and since it’s anonymous there’s nothing to worry about, right? ”We’ll need your name – don’t worry it won’t be linked to anything else, it’s just for reference – your weight, and the last ten songs you listened to.” You tell them your name, the last ten songs in your playlist, and the weight from this morning – every digit of it. Somewhat perplexed about the precision, but not thinking much more about it, the survey operator enters the information into the computer before continuing to call others.

Scenario one: The data is ordered by name, alphabetically. The person anonymizing the data replaces the names with ”subject 1”, ”subject 2”, and so on. They put the full list of names in the appendix of the report, not connected to any weights or songs.

Result: Anyone who knows – or guesses – this can de-anonymize you, your music and your weight! This by alphabetizing the name list, ordering the rest by subject number and lining it up. This is only because of the clumsiness of the employee responsible for the anonymization process, and I seriously hope that there aren’t any real-world examples quite this blatant. You couldn’t have done anything here (except declining to participate, lying about your name or modifying the data), but in the next scenario, it starts getting interesting.

Scenario two: No names in the appendix, The report contains information of what day the survey was made.

Result: The scale company knows what your nickname listens to, Spotify can narrow the weight down to a few people, maybe identify you as its possessor. Assuming that no one else had exactly the same weight that day – which is unlikely given the ”precision” – the scale company can link your nickname to a line in the report by comparing their data with the one in the report, and see that line for the music.

Spotify can see who listened to the ten songs in the row in that order. Depending on how many people listened to the same songs in that order that day, they can get a short list of possible people, maybe just you, that is that line with that weight. The likelihood of this is pretty high – unless I’m mistaken, the number of orders someone can listen to ten songs in is 10*9*8*7*6*5*4*3*2*1=3 628 800 – over three and a half million! And that’s just the order of the same ten songs…

Let’s take another one.

Scenario three: The lines of data are randomized, then assigned subject numbers. Names in appendix as in scenario one, although obviously not in the same order as the weight-song-list. Information of what day the survey was made is in the report, but the order of songs are randomized by the anonymizing employee, resulting in Spotify having a total of, say, twenty people who listened to that music that day. Weight is rounded to nearest kilogram.

Result: The scale company doesn’t know what your nickname listened to, as your weight data in the report is no longer ”precise” enough to identify it as the same as they have, but: If none of the other nineteen who listened to the same music that day participated in the survey, Spotify can find out your weight! This by looking at everyone who listened to those songs and is also represented in the name list in the appendix. There is exactly one – you!

Disclaimers:

I do not accuse Spotify of doing or not doing anything with the information that they can collect when you use it. I use it as an example because it is a suitable example for this thought experiment, and because many people are familiar with it.

If you are about to make this exact survey, or for any other reason want to use these examples as a basis for anonymizing something, do not for one second believe that this blog post covers every possible way of abuse, or that the possible consequences listed are the only ones possible. I am only human, and I’m not professionally educated in this field – a field that is, quite frankly, complicated. Also, I have purposefully left out some things – for example the possibility of several people having the same name (which would however increase the chance of anonymity, but that’s a different story), longer link chains, and linking less-than-100%-but-still-close probabilities (compare with circumstantial evidence) – for the sake of keeping things not too unfocused and complicated.

I am not responsible for your anonymity – if you use this to try to keep anonymous but fail and have consequences of that – that’s not my fault. For reasons already stated, it is much more likely than not that I have missed something…

End of disclaimers

What we see in the scenarios are the result of linkage, on which Rick Falkvinge wrote a good post a while ago. (When I searched that post to link to it here, I saw that I had commented there a long time ago, about a real world study, linking music to something else…)

Back to the results of the thought experiment: As I said in the beginning, I’m somewhat annoyed by the promise of anonymity because of the complexity of this. There is someone responsible for anonymizing the results, but can you be sure that they take enough measures to do so?

He/she is only human, hopefully one that is by far more educated than me in this field and has some good computerized tools at hand, yet probably still a human who is under pressure to work quickly. This against everyone who has an interest in de-anonymizing you for as long as the information is available.

As you see, the type of information, the precision, and – what I want to point out – where else it is shared together with what other information, are factors that affect the anonymity.

In this experiment, there were only companies that could de-anonymize you except in example one (remember the disclaimers though), however when you share information openly, for example on Facebook, that possibility opens for everyone.

As you can see in the explanations of the results, anonymity isn’t as straight-forward as the survey people make it sound when they call, but there’s no magic involved in the de-anonymization. Only logic. Maybe a bit of math too, at least there can be. And you get no points for guessing what device is good, sorry, great, at very quickly computing (hint) logic and math… As computers and the programs for them get more advanced, being able to parse text and pictures and so on, these problems will be more and more apparent.

But the main point that I wanted to shed light on in this post, is that the less pieces of information floating around that are linked to your identity, or linked to something else that is in turn linked to your identity, and so on, the fewer possibilities of abuse there are. Thereby the risk of one being found and abused is reduced.

This is something that everyone who may sometime in the future have the need to publish something anonymously – that is everyone – should think about. Need to think about. The more more-or-less-useless information you share on Facebook and similar places now, the harder it will be the day you need to publish important information anonymously, and the more of what you want to publish you may need not to. Of course all depending on what information it is all about, both now and then. Also worth noting is that the ‘now’ and the ‘then’ can be reversed without difference in result – if you have already published something anonymously, and later publishes something under your name that is linkable to the first, the first is no longer anonymous.

What can you do?

As a survey operator:

Hire competent staff for this important task! Obviously.

Don’t include unnecessary information!

Don’t be unnecessarily precise!

Don’t pretend like you can’t fail unless you know that! Is it even possible to know? Unless it is possible AND you do know, don’t promise ”it’s anonymous”. Instead say something like ”we take careful measures to provide as much anonymity as we can”.

Don’t think that ”the risk of that is small”, ”that doesn’t happen to us”, etc! Data is worth money, and – as noted previously – computers are good at this, and getting better.

As anyone:

Think! Keeping every possibility of unwanted de-anonymization out is impossible for most if not all people, but if you are aware of these possibilities, you can keep many out. And, of course, the fewer possibilities there are, the less likely it is that someone or something will find one to make use of.

Read! Read the EULA:s and Privacy Policies before using a service. If you don’t understand them, search (preferably with DuckDuckGo instead of Google) and/or ask a friend. Ideally, these documents tell you if the company collects data, in that case what data, how it is stored, with whom it may be shared, and for what purposes it is used – exactly what you need to know to be able to think about how it could be abused. Unfortunately they are often missing some information, and you can’t be sure that the company honors them, especially when it comes to American companies, but you are more likely to know more of what is happening with your data if you do read them than if you don’t.

Select! Is there a service that doesn’t require you to identify yourself? Choose that before one that does. Is there a service that uses end-to-end encryption? Choose that before one that uses non-end-to-end encryption, or even worse, no encryption at all. Is it a paid service with different payment options? Choose the one with the most anonymity such as cash in the mail or properly anonymized Bitcoin.

Nice, cloud-free weather: Do not unnecessarily use services or products that save and/or load things from the Internet every time you need them! If you had used an mp3 player (physical unit or program, doesn’t matter as long as it only operates locally without ”telemetry” and such euphemisms) instead of Spotify in the example, scenarios two and three would have been safe for you. At least I think so, remember the disclaimers. They would clearly have been safer anyway.

Refuse! This one may be hard, but has very good effect: Refrain from using services that abuse data. Quit Facebook, Twitter, Google+ etc. This gives best effect if you never used them to begin with, but a lot of data is only useful for de-anonymization for a certain amount of time, such as location, projects, weight, and maybe music preference too. This is also true for much technical data that may be used as identifiers, such as browser version, resolution (new monitor or graphics card), IMEI (new phone), etc. Be sure to tell your friends why you quit. Not only to make clear that it’s not because of them, but also to say that you do not accept whatever terms and conditions that are thrown at you, and maybe get someone to do the same!

Consider using analog means! This is only viable in a few cases, for example sending text or pictures to a small number of people – in which the postal service can be used. There are other abuse possibilities though, such as fingerprints and DNA, unique properties of handwriting/printer/camera etc, but physical letters don’t just cost money to send, they also cost a lot of money to analyze for such things, so it’s not done routinely, as on the Internet. It’s also usually illegal, unless there is suspicion of severe crime. This varies from country to country though. Using post instead of Internet, under normal circumstances, protects both the contents and your identity. Do you listen to radio? Do so using an FM receiver instead of web radio.Do you read a newspaper that exists both online and as a physical paper? Use the paper. (If you can download the entire digital paper and read it as a file it’s OK though, unless it requires some special reader that sends data).While the telephone is most likely under surveillance for both content (what you say) and metadata (who you call and when), it is so ”only” by the government, while many online services are so both by the government and one or more companies that collect and sell data. The telephone is not good, but depending on situation and likely adversary, it may be less bad. But post is better, and if you need voice communication there are at least some end-to-end encrypted digital services, which are probably better in most cases, but I haven’t looked much at those, so I’m not the right person to compare or recommend any particular one of them.Do you make notes for yourself and/or others you meet often, using an app? Is that app’s storage cloud-based? Pen and paper, when the note is stored on your person or other safe place, is virtually foolproof, as long as no one and nothing can see it while you write and/or handle it.
Worth mentioning again are payments, also in the physical world – Don’t use cards or apps, use cash!

Never give up! If you think that ”they already know everything, it’s no use”, you are wrong. Taking out even one single possibility of abuse may be exactly what is needed in your particular case – that one possibility may be the one that will be abused, with severe consequences for you. You never know beforehand, and usually not afterwards either, which one(s) were used. It’s just like thinking about safety: ”It’s very unlikely that I would drop this heavy brick so that it falls off the scaffolding I’m walking on at the exact time that someone passes underneath so that it hits them, but it could happen, so I’ll walk a bit further away from the edge, massively reducing the risk of it falling”.

If you believe I’m just being paranoid or at least overly cautious, you are wrong. This is a very real problem – there are many actors who are gathering data via the Internet and other services in order to try to make whole pictures of who is who, who is communicating with whom, who has what interests, and so on. There are companies that do nothing else, for example Acxiom, BlueKai and BlueCava, and there are companies that provide a service for free but are funded by selling personal information, such as Facebook. Advertising is usually the main purpose, but not the only one. The data can end up anywhere, and be used to de-anonymize you again another time, easier, by the same company or someone else. Whether it is a company, a criminal, or law enforcement, de-anonymization when you want to be anonymous is never good for you.

The more types of data, the more complex the type of data, the more precise the data, and the fewer of other people with the same data, the higher the risk of de-anonymization is.

The more open the sharing between entities with different data is, the higher the risk is. Highest of course when the data is open to everyone. (This is one reason why it’s bad that Google and Facebook are buying other companies)

This isn’t something you should think about because companies are making money on you, because I say so, or because you have done something illegal – whether you have or not. You should think about it for your own privacy, freedom of speech, and future safety.

The European Commission has, once again, created a proposition to strike down on our monetary freedom and privacy in the name of combatting ”terrorist financing”, as always even worse than the last one, and as always filled with empty words like ”proportionality”, ”avoiding unnecessary obstacles”, etc.

I had some fun with the ”auto search and replace” function in LibreOffice, and afterwards corrected the grammar a little. I don’t think the result is less true than the original, however it is at the same time amusing and horrifying:

The European Commission is today presenting an Action Plan to strengthen the fight against the financing of political opposition.

The recent opposition attacks in the European Union and beyond demonstrate the need for a strong coordinated European response to combatting political opposition. The European Agenda for Security had identified a number of areas to improve the fight against opposition financing. Today’s comprehensive Action Plan will deliver a strong and swift response to the current challenges, building on existing EU rules and complementing them where necessary. Through concrete measures, it will adapt or propose additional rules to deal with new threats.

First Vice-President Frans Timmermans, said: “We have to cut off the resources that the opposition use to carry out their heinous crimes. By detecting and disrupting the financing of opposition networks, we can reduce their ability to travel, to buy weapons and explosives, to plot attacks and to spread hate and fear online. In the coming months the Commission will update and develop EU rules and tools through well-designed measures to tackle emerging threats and help national authorities to step up the fight against opposition financing and cooperate better, in full respect of fundamental rights. It’s crucial that we work together on opposition financing to deliver results and protect European citizens’ security”

Vice-President Valdis Dombrovskis, in charge of the Euro and Social Dialogue, said: ”With today’s Action Plan we are moving swiftly to clamp down on opposition financing, starting with legislative proposals in the coming months. We must cut off the oppositions’ access to funds, enable authorities to better track financial flows to prevent devastating attacks such as those in Paris last year, and ensure that money laundering and opposition financing is sanctioned in all Member States. We want to improve the oversight of the many financial means used by the opposition, from cash and cultural artefacts to virtual currencies and anonymous pre-paid cards, while avoiding unnecessary obstacles to the functioning of payments and financial markets for ordinary, law-abiding citizens.”

The Action Plan will focus on two main strands of action:

Tracing opposition through financial movements and preventing them from moving funds or other assets;

Disrupting the sources of revenue used by opposition organisations, by targeting their capacity to raise funds.

Preventing the movement of funds and identifying opposition funding

The opposition is involved in a variety of both licit and illicit activities to finance opposition acts. Tracking financial flows can help to identify and pursue opposition networks. New financial tools and payment modes create new vulnerabilities that need to be addressed. Closing off options for political opposition funding is crucial for security, but measures in this field may also touch on the lives and the economic activity of citizens and companies throughout the EU. This is why the Commission’s proposals will balance the need to increase security with the need to protect fundamental rights, including data protection, and economic freedoms.

The adoption of the Fourth Anti-Money Laundering Package in May 2015 represented a significant step in improving the effectiveness of the EU’s efforts to combat the laundering of money from criminal activities and to counter the financing of opposition activities. It must now be implemented swiftly by Member States. The Commission is calling on Member States to commit to do this by the end of 2016. In December 2015, the Commission proposed a Directive on combatting political opposition which criminalises opposition financing and the funding of recruitment, training and travel for political opposition purposes. The Commission is now proposing further ways to tackle the abuse of the financial system for opposition financing purposes.

We will propose a number of targeted amendments to the Fourth Anti-Money Laundering Directive at the latest by the end of the second quarter of 2016, in the following areas:

Ensuring a high level of safeguards for financial flows from high risk third countries: The Commission will amend the Directive to include a list of all compulsory checks (due diligence measures) that financial institutions should carry out on financial flows from countries having strategic deficiencies in their national anti-money laundering and opposition financing regimes. Applying the same measures in all Member States will avoid having loopholes in Europe, where oppositions could run operations through countries with lower levels of protection;

Enhancing the powers of EU Financial Intelligence Units and facilitating their cooperation: the scope of information accessible by the Financial Intelligence Units will be widened, in line with the latest international standards;

Centralised national bank and payment account registers or central data retrieval systems in all Member States: the Directive will be amended to give Financial Intelligence Units easier and faster access to information on the holders of bank and payment accounts;

Tackling opposition financing risks linked to virtual currencies: to prevent their abuse for money laundering and opposition financing purposes, the Commission proposes to bring virtual currency exchange platforms under the scope of the Anti-Money Laundering Directive, so that these platforms have to apply customer due diligence controls when exchanging virtual for real currencies, ending the anonymity associated with such exchanges;

Tackling risks linked to anonymous pre-paid instruments (e.g. pre-paid cards): the Commission proposes to lower thresholds for identification and widening customer verification requirements. Due account will be taken of proportionality, in particular with regard to the use of these cards by financially vulnerable citizens.

Other measures will include:

Improving the efficiency of the EU’s transposition of UN asset freezing measures and improve the accessibility of UN listings to EU financial institutions and economic operators by the end of 2016. The Commission will also assess the need for a specific EU regime for the freezing of opposition assets;

Criminalising money laundering: a comprehensive common definition of money laundering offences and sanctions across the EU will avoid obstacles to cross-border judicial and police cooperation to tackle money laundering;

Limiting risks linked to cash payments: through a legislative proposal on illicit cash movements, the Commission will extend the scope of the existing regulation to include cash shipped by freight or post and to allow authorities to act upon lower amounts of cash where there are suspicions of illicit activity;

Assessing additional measures to track political opposition financing: the Commission will explore the need for a complementary EU system for tracking opposition financing, for example to cover intra-EU payments which are not captured by the EU-US Political Opposition Financing Tracking Programme (POFTP).

Disrupting the sources of revenue of opposition organisations

Illicit trade from occupied areas is currently a primary source of revenue for opposition organisations, including trade in cultural goods and the illicit wildlife trade. They can also gain from trade in legal goods. The Commission and the European External Action Service will provide technical assistance to Middle East and North African countries to fight against the trafficking of cultural goods and provide support to third countries to comply with United Nations Security Council Resolutions in this field. Countries in the Middle East, North Africa and South East Asia will also receive support to improve the fight against political opposition financing.

In 2017 the Commission will table a legislative proposal to reinforce the powers of customs authorities to address political opposition financing through trade in goods, for example by tackling illegal gains through dissimulation of trade transactions, misrepresentation of the value of goods and fictitious invoicing.

Another proposal will address the illicit trade in cultural goods to extend the scope of the current legislation to a wider number of countries.

Next steps

The Action Plan lists a number of concrete measures that will be put into practice by the Commission immediately. Others will follow in the months to come. All the actions presented today should be carried out by the end of 2017 (see detailed timeline in factsheet).

Background

The European Agenda on Security underlined the need for measures to address opposition financing in a more effective and comprehensive manner. Steps taken over the past year include the introduction of criminal sanctions for the financing of political opposition through a proposal for a Directive on combating political opposition, and the European Union’s signature of the Council of Europe Convention on the Prevention of political opposition. The conclusions of the Justice and Home Affairs Council on 20 November, the Economic and Financial Affairs Council of 8 December as well as of the European Council of 18 December 2015 stressed the need to further intensify the work in this field. At the same time, the resolution passed by the United Nations Security Council on 17 December 2015, more specifically targeting funding to Pirate Parties and extending the former ”Whistleblower” sanction regime, showed a deep global consensus to act against opposition financing.

In Sweden, a new law has been proposed, that makes the owner of a site with a comment field liable for everything that is said there. Partially, this is already the case, but the new law will make it by far harsher. They justify it with stopping ”näthat” – ”Internet hate” – but even though the final text isn’t ready yet, it is a rather obvious attempt to force site owners to remove their comment fields or require identification for being allowed to comment, in order to chill free speech. An attempt that I fear will be successful. Of course, the justification speaks of protecting both privacy and freedom of speech – Orwell, anyone? The law also lowers the threshold for what is a crime to say. It will be forbidden to say almost anything that’s more than slightly negative about anyone.

This law is a Swedish problem, but its solution is something that is useful around the world, not least in countries which is already one step ahead of Sweden, that is outlawing criticism of the regime.

The owner of the commenting platform is liable for what is said – so let’s make no one the owner of the platform!

A decentralized comment system, would that be possible? I’m no expert, but I imagine the Blockchain technology could be useful here, with a comment and the web address it belongs to essentially being the same as a transaction, although there is nothing finite such as Bitcoins being transferred, and a wallet address as a user ID – used only once (behind Tor and/or VPN) for perfectly anonymous comments, used everytime for constant-pseudonymous or named comments. The latter would act as a kind of signature, I guess, so that one can be certain that a comment comes from the same source, if that source wants that to be the case and use the same address. The process corresponding to mining could be done at a slow speed in the background of the program.

If it is also possible to handle comments in such a way that except while viewing it, a comment is never stored in its entirety on a single computer, that would make sure that no one is the owner of the platform – so that it cannot be interpreted so that everyone who has it is an owner and thereby liable. I don’t know if this is possible, but I don’t see why it wouldn’t. The program would need to split the comment in pieces and know which piece is which and how to assemble them – WinRAR and equivalents have been doing that for ages – the only new would be to make sure not to have all pieces, except when ”de-RARing”.

If this can be done, it is immediately useful already, since there are many sites that doesn’t have comment fields, or have them moderated in a way that makes opinions opposite to the article’s be removed. And, as mentioned, in countries where criticism is illegal.

If you know someone(s) who understands these technologies and may know how to adapt and implement them into for example a browser add-on, send a link their way!

In a nutshell:

WANTED

Browser add-on that uses Blockchain or other decentralized technique to read and write comments, of course fetching and leaving comments marked with current web address.

Preferably capable of handling comments WITHOUT handling an entire comment on any given computer, except when reading/writing.

Capable of both comments connected by same ID and entirely anonymous comments, maybe through inexhaustible, different ID:s.

Addition 22 Sept. 2016: If possible, maybe it would be a good idea to have an option for a random delay of, say, 1-20 minutes before the comment is registered, to make it harder for owners of the commented pages to cross-reference comments and page visits (IP addresses etc.) in order to find out who commented.

Today I had a creepy experience on YouTube. And by that I don’t mean a scary video. Much worse that that.

Background: I have many computers, running a few different operating systems. The one I’m blogging from has a Free and Open Source system while most others run different versions of Microsoft Windows, all with different settings and applications for privacy. I use a VPN service, this on both of the computers I’ll be talking about here. A VPN service with several IP addresses, that are shared among users simultaneously, and randomly assigned for every time one connects.

This is what happened: The other computer, running a version of Microsoft Windows (for anonymity reasons I will not expose more details than necessary, but it is not Windows 10), was currently not connected to the network, and hence, not to the Internet. I used it to look at some pictures from two games, pictures that had the names of the games in the file names. Later, I used it to watch YouTube, using the VPN service, Mozilla Firefox, NoScript – disabled only for youtube.com and ytimg.com – and a few other privacy- and ad-block plug-ins, including LSO- and cookie removal.

I have no Google account, and only use YouTube as a guest. When I entered YouTube it looked about as usual, recommendations from what is popular in Sweden and worldwide, mostly. When I had searched and seen a few (completely unrelated) videos, I got a recommendation in the column to the right, of a video where the thumbnail displayed a character from one of the very games I had been seeing pictures from earlier. A character that was in a few of said pictures.

While it is a pretty well-known game, I have only seen video recommendations about it one or two times earlier, and it was years since I watched a video relating to it. This far, it could of course have been a coincidence, but this is what happened next.

Soon I returned to YouTube’s start page, and found a video with a thumbnail containing characters in the same style as the other game – a very specific and easy-to-recognize style. I’m not entirely sure that they were from that particular game as I haven’t played it, but they were very similar.

Also, on the same start page, there was a recommended channel with a video with a title of a clearly negative opinion of prank videos. That is something that I have discussed on this blog, that it seems like ”prank” has become an excuse for all kinds of very violent, dangerous and traumatizing acts, and that many people for some inexplicable reason seem to enjoy watching it, thereby funding the perpetrators. It is also something that I have searched for, maybe sometime using Google, but mostly DuckDuckGo. Anyway, both searching and blogging has been done from this computer, and not from the one I watched YouTube on, being recommended said channel. Also, the searches gave extremely little, so it is a very unusual opinion to voice.

I have no proof that Google can track me off-line and across unrelated systems, and I don’t know how especially the latter could possibly happen – especially as I use a VPN, block all Google script except where it is necessary, and have two different systems with essentially nothing in common – but try explaining what recently happened if they can’t. This makes me seriously uncomfortable.

Everywhere, positive thinking is touted as something that is good, healthy and beneficial. However, under certain circumstances, positive thinking can be detrimental, dangerous or even lethal.

One such area may be cryptography. Cryptography, or ”crypto” for short, is used in countless places today, up to and including mass life-or-death defining information.

Once upon a time, someone – probably a Roman emperor, as it is called a Caesar cipher – came up with the idea to write messages in such a way that only people who knew how to decode them could read them. He simply chose a number of steps by which to shift the alphabet, say that number is three, and if we use the English alphabet, then A becomes D, B becomes E and so on. The last letters are circulated back to the beginning, so X becomes A, Y becomes B and Z becomes C. When decoding, the recipient just did the opposite.

Gr brx xqghuvwdqg? Jrrg.

Of course, sooner or later, people who shouldn’t know the secret found out, and if they didn’t know by what number it was shifted, they could simply try different numbers until the text resembled the language it was expected to be written in.

Many different kinds of cryptography followed, (kryptós=hidden, secret. graphein=writing), someone came up with the idea of rotating the Caesar cipher by a few different numbers, or even use an entire book and its letters to indicate how much to shift the alphabet for every letter in the hidden message. Of course, the recipient had to have the list, or the same book. (A similar system is used for special purposes today, but it has to use perfectly random numbers that are only used once, or pattern analysis can break it, and its drawback is obvious – both the sender and the recipient has to have the same list of random numbers, and those mustn’t be transferred in such a way that an adversary can read it, or they too can decode the message. That makes this so called one time pad system impractical for most uses.)

We jump forward in time. During World War II, the Germans had the so called Enigma cipher machine, an advanced electromechanical device that encrypted messages, and they thought it was uncrackable. Today that cipher is most famous for having been cracked, I’m sure you’re already familiar with this.

In the seventies, DES came, in 1999 it was publicly shown to be crackable.

So forth and so on, now it comes out, thanks to Edward Snowden, that something today widely used is also crackable. It is the 1024 bit Diffie-Hellmann key exchange. It uses large prime numbers to exchange cryptographic keys, and many implementations of it uses the same primes everywhere everytime (as if nobody could have guessed that was a bad idea). Long story short, the NSA built an expensive computer to crack every crypto made with these particular primes, about one prime a year. That’s a lot of secrets, when one prime is used in bunches of different applications.

There are three solutions, either use different primes, go up to 2048 bit, or use a different system. I’ll leave that to the experts, which brings us to the next fact.

Making a secure cryptographic protocol is extremely difficult. No, not like planning cities or designing aeroplanes, much, MUCH harder. The math required is completely incomprehensible for the vast majority, myself included, and there is no way of knowing if you succeeded to make it secure, except by more math. And even then, you could of course miss something, if not else by the human factor. And if it passes through all reviews and tests, nobody would know until it’s too late.

There are only some tens of people worldwide who understands and can develop good cryptography. And can review it.

This of course means that the number of available secure, widely used types are few, which means that the NSA et al. only need to target a few, and find their weaknesses. Which has now happened with the 1024 bit Diffie-Hellmann with standard primes.

Even worse is the advent of quantum computers, which will render most kinds of cryptography obsolete. The NSA already has a quantum computer, with unknown capability. But its sibling, owned by amongst others Google, is getting an upgrade from 512 qubits to ”over 1000” according to a Swedish tech magazine (my guess 1024). If Google gets it now, it is likely that the NSA already has it, or at least will get it very soon, and with qubits, the power doesn’t ”just” increase from 2^512 to 2^1024 times something, but far, far more.

People keep saying ”then we need better crypto”. There are quantum-safe types of cryptography, but since the NSA is catching some 70 percent of Internet traffic, most likely targeting encrypted traffic for indefinite storage, we don’t need that in months or years, we needed it many years ago, when computers probably would have needed days to encrypt and decrypt the shortest of messages to such a standard. And if the trend continues, they will crack that too in another 5-20 years.

There doesn’t seem to exist a usable, future-secure crypto.

The conclusion is as follows: As long as the NSA and similar agencies exist, storing everything, everything you send over the Internet, even when it is encrypted, will sooner or later be read by them. And if they have it, it risks leaking.

You can not send data that can remain sensitive for a long time, over the Internet.

Read that again, it is important. You can not send anything that will remain sensitive, over the Internet. Nothing. Ever. Unless the insecurity agencies are shut down.

It’s extremely bad ”news”, but nonetheless I can’t find any reason to why it wouldn’t be true.

April 2:nd, I wrote this post, about it being hard to find a good E-mail provider where one can be anonymous, and that the Canadian provider Hushmail had let us down by beginning to require verification by cell phone.

I haven’t checked in a long time, so I don’t know when it happened, but now, that requirement is gone. One can again register a Hushmail account without giving up any personally identifiable information. Paired with an anonymizing service, it gives a fairly good level of anonymity and security for general use.

Thank You Hushmail!

It turns out I was wrong, I noticed when I tried to create another account today. Hushmail only has it hidden as the last step when creating a new account.

April 2:nd, I wrote this post, about it being hard to find a good E-mail provider where one can be anonymous, and that the Canadian provider Hushmail had let us down by beginning to require verification by cell phone.

I haven’t checked in a long time, so I don’t know when it happened, but now, that requirement is gone. One can again register a Hushmail account without giving up any personally identifiable information. Paired with an anonymizing service, it gives a fairly good level of anonymity and security for general use.

If you’ve found this page, you probably know that our liberties are under attack from many actors, both commercial, government, and government using commercial services’ data about us.

This is not uncommon knowledge. Most people know it to some extent, and everyone who reads this is likely to know it very well.

What is not as known is why most people don’t care enough to do very much about it. I have written a little about this in Swedish before, but I think it’s time to post something that is more complete in the explaining, and I might as well write it in English since I may want to link to it from a comment field in English sometime.

What kind of power would you have, if you were in control of all mass media that your country’s people consumes? Sure, you could make yourself the king of kings, never having to lift a finger again, having money pouring out of your pockets but not even needing it, because everyone would just give you the best of the best in goods, services etc. because of who you are.

That’s not what I mean.

If you were to play your cards right, people wouldn’t be treating you so well because they feel they have to. They would be doing it because they want to. You would not just be in full control of people’s knowledge, not just in control of people’s thoughts. You would be in control of people’s emotions.

The people wouldn’t want democracy. They would want you. Or, rather, you would be the democracy, because everybody wants you to be their leader.

This is only the beginning however. If you had control of all the mass media, you could alter, even completely invert, any commonly accepted general, scientific or moral standpoint of the people, gradually, over the course of maybe 5-40 years depending of how radical the change would be, but definitely within a human lifetime. Memory is shorter than one might think, if handled in certain ways.

Seriously, if you wanted to, you could for example make people think, do and feel:

That people with, say, brown hair should not be entitled to operate motor vehicles or heavy machinery, because they have slower reflexes that others. This in spite of reaction tests currently being the most popular game and hair colour doesn’t affect the score one bit.

That cats are the most vile creatures that have ever existed, should never be touched without a two-metre self-sterilizing grip hook, and even seeing one means bad luck.

That having sex with your own children when they are young is good and necessary for teaching them about sexuality.

That killing people that have the opinion that you are not great and awesome, is the right thing to do.

To us, this is of course ridiculous and disgusting, but if all the mass media gradually came to these conclusions, repeated them in thousands of different ways, showing scientists reporting that it is confirmed in science, making statistics asked in such a way that they show that people are accepting and liking it all, made movies, music, comics, books, all with these standpoints embedded in them and very little although not necessarily nothing to the contrary, the people would look back and say ”I wonder how many millions of lives would have been saved if those brown haired people in the 2000’s wouldn’t have driven cars, and if people didn’t have those horrible cats, and it’s strange how we can even exist, how did people even know how to have sex when nobody showed them? And how could they possibly think of Your Highest Highness as an equal, some even as a bad person, they should have been slowly roasted to death…”

There is absolutely nothing more powerful than a unified mass media.

In reality of course, there isn’t one person that control all the news to the people. Except possibly in North Korea. But the mass media actors are collaborating very much, probably controlled by an unknown small group of people. It probably differs a bit between countries, but not too much since many of the trends I’m about to write about are more or less global. I’m writing from a mostly Swedish perspective, because that’s where I live.

The following things are real. They are subjects that the mass media of today and yesterday are and have been very uniform and persistent about.

Tobacco: In the past, tobacco companies had huge influence over the mass media. Everyone was smoking in the movies, ads everywhere, and tobacco was the healthiest substance known to man. (What cigarette do you smoke, Doctor?). Then something changed, and today they agitate for everything that reduces tobacco use. Every single time a scientist says something about tobacco in the media, it is that it is much more dangerous than previously believed. When recommendations of anti-smoking laws such as warning pictures, prohibited smoking in bus stops and train platforms, etc. are brought up, they always interview people that say it is a good idea, but never ever anyone who thinks it is bad.

Coffee: Much like tobacco, but the other way around, every time something about coffee is reported in Swedish mass media, it is that it has some newly discovered beneficial effect on health. It reduces depression and risk of suicide, it reduces the risk of cancer, it keeps your heart in a better condition and whatnot. Nothing bad about coffee, ever. Energy drinks however, are always reported as bad.

Russia: A year or two before the activity started in Crimea, Swedish mass media began reporting every tiny bad thing that the Russian government was doing. Sure, the Russian government does indeed do bad things, I don’t deny that, but this was seriously ridiculous. In some cases the Swedish government had done similar things without the Swedish media saying a single word about it. How and why this happened at the time it did, I leave to you to think about. I don’t even know myself, even if I have some suspicions.

Now we come to the things regarding what this blog is about.

Anonymity: The word anonymity is seldom used when describing good things such as whistle blowing and sensitive discussions, and when interviewing for example crime victims that are anonymous in the current media. Then they say ”We can now expose leaked information…” ”They don’t have to use their name there” and for example ”Sara’s real name is something else.” When discussing child pornography, on line fraud, so-called Internet hate, etcetera however, the word anonymity is used in every other sentence.

Privacy: Privacy is very rarely mentioned. When a new service, technology or law is reported, that any reasonable person would use almost half of the space discussing its privacy implications, such as social media functions, drones, surveillance cameras in elderly people’s homes (reassuring us that it’s for extra safety, not for saving money!), Google Glass, Data Retention Directive, etc. They always focus on what good it can do for society, often say that the development is inevitable, and sometimes just briefly cover the privacy implications, often with someone who reassures everyone it won’t be abused getting the final word.

Freedom of speech and expression: Freedom of speech and freedom of expression are generally combined in the word ”yttrandefrihet” in Swedish, so it will be a bit clumsy to translate, however Swedish mass media talks about it sometimes. When they do, it is either about something that prevents them from reporting something, or it is paradoxically enough about some more or less known person – usually hardcore feminist, way past the line into misandry – whose freedom of speech and expression ”is being trampled on” by means of ”näthat” (”Internet hate”) – angry, mean, sometimes threatening comments and e-mails. Never ever EVER does freedom of speech and expression have anything to do with regular citizens being able to speak and express themselves, most notably on the Internet, especially not anonymously.

Facebook: This is part of the above three, but deserves its own chapter: Facebook, and to a lesser extent Instagram and Twitter, the mass media loves. Almost every Swedish newspaper, TV- and radio station have removed their comment fields where anonymous comments could be made, and are instead telling people to discuss on social media, especially Facebook. Public Service Sveriges Radio and Sveriges Television are prohibited from advertising any commercial products or services, but especially Sveriges Radio very often tell its listeners to ”enter our Facebook page and comment this and that”, literally 20-30 times a day. If that’s not advertisement, I don’t know what is. And, as mentioned above, Facebook’s data collection is rarely mentioned, at the very most shortly, about once a year.

Music: Even the music often seems to contain propaganda. One of the most popular topics of Swedish artists, singing in both Swedish and English, and not unusual for English-singing artists from other countries either, is ”live now”, ”don’t worry about tomorrow”, etc. Politics of all kinds concern tomorrow and not today, per se. So if the message is only slightly analyzed, it means ”don’t get involved in, or even worry about, political matters”.

What to watch out for: If the following is being reported in the mass media, fire up your critical thinking!

Unanimous or near-unanimous support for a standpoint, opinion or even a claimed fact: This may be propaganda. Or it may be legit. Don’t just accept it without at least thinking of who might profit from people believing it, preferably also do a little research yourself.

Incompatible facts: Especially combined with above point. Be vigilant of facts used in an argument, article or other mass media message, that doesn’t seem to add up. This can of course happen from mistake, or facts sometimes appear to not add up, but they in reality do. But it is a warning sign that something may be wrong.

Statistics: This is one of the most important points: Statistics are almost always pure, ultra high-powered propaganda. Statistics are usually ordered by someone with an agenda, and that is reflected in what information respondents are given before answering, and it is reflected in how questions are asked, a fairly recent example being ”Are you afraid of surveillance?”. Not many people are genuinely afraid of surveillance (in some cases they should be, however), but most people are uncomfortable under surveillance, and alter their behaviour. The agenda is reflected in how things are measured: For example, three different newspapers could brag with statistics and all be right: 1:We are the newspaper with the most readers. 2:We are the newspaper with the fastest growing number of readers. 3: We are the newspaper with the most daily readers. The agenda is reflected in how the statistics are presented, headlines, descriptions, scale, colour, shapes, etc.

Other things giving statistics their propaganda power is that they are seen as mathematical (and everyone knows that math never lies) and that they are often used to measure what most people think or do:

”Many people are…”, ”More and more people are…” etc: Whether it’s through statistics, through interviews or pretty much any means, very often the mass media wants to make it known that a large amount of people or a quickly growing amount of people are doing this or that, or having this or that opinion. Ever wondered why? Would that be something especially interesting to know? Maybe, but the real reason is psychology 101. People usually want to do like most other people do. Why would the newspapers in the example above even want to brag about being read by many? To make even more people want to read them, of course. To attract customers! This has been used in advertising for decades, probably even centuries. The reason when it is used in the news is exactly the same: to ”sell” an opinion or a behaviour. You can be absolutely sure that many more people than you hear, see or read about are interviewed. Then the ones with the ”correct” opinions are published, maybe with a few exceptions for credibility. In November last year, Riksbanken, the central bank of Sweden, ordered statistics of the use of cash, cards and mobile payment services. In the newspaper Ystads Allehanda, a person using cards and not having much cash in her wallet was described like this (translation by me)

In that way, she is typical. A survey that Riksbanken have ordered, shows that 53 % of Swedes have between 100 and 500 crowns* in cash and a majority nowadays choose to use a card also for purchases under 100 kr. Different mobile services are also gaining ground…

*Crowns or kronor is the Swedish currency, when writing, 1 kr is about €0.11 and $0.12.

This survey can of course not be trusted. The banks makes billions from card fees and such, which they don’t on the cash. Of course they want to make people use their payment services even more.

(Cards and mobile services are unsafe – every transaction is traceable and stored for a very long time, during which values and opinions of what is okay to buy may change, and every purchase is a withdrawal from the bank, so if your money gets frozen, there is a major IT problem, power outage, etc. you can’t even buy food. If you have money corresponding to a few hundred € or $ at home or in the wallet, you have money for the most essential for a few weeks until the problem hopefully is corrected.)

That which is missing, layered propaganda: All mass media in Sweden has a clear anti-racist immigration-positive opinion, and this is by many people thought to be the huge propaganda drive in Swedish mass media. This is probably a big factor in the Sweden Democrats’ recent success, an immigration-critical party that the mass media is very clear about not supporting. But if you think that is the case, you are mistaken. The immigration debate and apparent non-representation of many people’s opinion is merely a distraction. The thoughts that the mass media doesn’t want the people to think, are neither advertised nor criticized, they are not discussed at all. This is true of our liberties such as privacy. It is very rarely mentioned, and when mentioned it is always in ways reassuring that it’s nothing to worry about.

However, privacy has been unusually much discussed in the Swedish media the last months, maybe five times. There may even be another layer, of something even more important, that is now urgent and must be kept out of people’s minds even at the cost of higher awareness of liberties and privacy. I don’t know what, though. Possibly the total monetary collapse that may arise from Greece going bankrupt(Warning – YouTube link) (which Bitcoin will not solve at all, for obvious reasons). Possibly World War III. Possibly something completely different.

The role of the Internet in this

Many privacy activists claim that the Internet saves the free information and truth, but I say that is a big exaggeration. What is being discussed on the Internet, for example on blogs, discussion forums, social media, podcasts, videos etc. is almost exclusively sourced from the mass media. If it’s not, it’s either mindless entertainment or it’s just a small fringe group discussing it, and it has no chance of reaching any significant number of people. If ”regular” people see it, most will call the people discussing it ”tinfoil hats”, even if the evidence is presented and verified in front of them. This is of course because of the mass media’s propaganda, the circle is closed. Don’t stop discussing however, any resistance is better than no resistance.

The noose is tightening around the anonymity’s neck, and it’s not just the governments that are the executioners, also companies that we thought were on our side.

For a long time I have planned to start encrypting my E-mail with GPG. But I haven’t found an E-mail provider that provides anonymity (and hence isn’t a paid service), that has POP/IMAP and SMTP, and is not American.

So, I’ve been using a Canadian service called Hushmail, which was halfway between end-to-end GPG and regular E-mail: It can encrypt GPG, but only on their servers, via a webmail interface, however with SSL encryption.

Just recently I was told that Hushmail no longer accepts signing up without providing a cell phone number, identifying the person signing up. I checked, and that is exactly what has happened. This is a link to the signup page.

That’s why I came to Hushmail in the first place – to avoid more divulging of personal information. No thank you Hushmail – simple online anonymity is my right. I’ll stop using this email service if it ever becomes an issue. – R. Goodchild

To these concerned comments, on August 19, 2014, Hushmail responded:

We apologize if it was not made as clear as it could have been but this feature is entirely optional. It is up to you if you want to enable it or not.

That was then. Now, just over half a year later, it is MANDATORY for new subscribers to provide their phone numbers. This is high-level hypocrisy at its finest.. err, foulest.

This gives clear signals about Hushmail. It is not to be trusted. You shouldn’t trust a non-end-to-end-encrypted system with seriously sensitive stuff anyway, but this really shouts out ”do not trust Hushmail with anything, they are not taking privacy seriously”.

I will keep my Hushmail account only because I haven’t found anything better. I’ve found two suitable services, but on both signing up is ”currently disabled” or similar. Do not send me anything that contains sensitive information.

Not being able to have an anonymous E-mail isn’t just making it impossible to send E-mail anonymously. A working E-mail address is necessary for signing up to most message boards, blogs, and a lot of other services. It means that anonymity becomes impossible there too. This is a very serious problem.

I ran across this blog post today: http://www.fixmypcfree.com/blog/5-reasons-why-people-dont-actually-care-about-digital-privacy/

It had such stupid arguments, I had to answer in a comment. When I tried to post it, it went error 404, so I’ll post it here instead.

You don’t know what you are talking about.

1: You are definitely doing something wrong. There are so many laws that there is noone at all that can know all of them, much less follow them. That goes here in Sweden, but even more so in the USA. Also, even if you weren’t, there are things that you want to keep secret anyway. Or, maybe you want to tell me your SSN and other interesting stuff… There is no such thing as a leak-proof register.

2: The NSA’s mass surveillance has not helped to reduce crimes by ”hundreds”. Read any serious report that isn’t biased towards the NSA, and you will see that it is very low.
And, more importantly, the surveillance can be used in crime, such as genocide. When Hitler invaded the Netherlands, he had much use of the collected data of the religion of the citizens. Data that was intended for example to plan the distribution of synagogues and different churches. Less than 10 % of the Jews survived.

3: Cameras were the end of a little certainty of privacy. Video cameras a little more, smartphone cameras a lot more, and Google Glass will be the end of most of privacy if it gets widespread.

Cameras, video cameras and mostly smartphone cameras have been used in countless instances of privacy violations. The only reasons the old complaining has stopped is that there has been a new, worse technology to complain about, and that cameras have many legit uses too.

4: That most people don’t object isn’t the same as that they wouldn’t like it better if there wasn’t said surveillance. Also it doesn’t mean that there aren’t millions of people who refuses to use GMail for that very reason. Neither does it mean that the people using it isn’t affected by self-censorship due to the surveillance. Then most people doesn’t know the full extent of it either.

5: No, you are partially right here, but they can complain on the information that they don’t share, or on other people’s behalf. The key is consent.

Let me ask you: What security service or advertisement buereau do you work for?

Because the need to link to my post ”Bitcoin + framtiden = falskt” have sometimes come up when commenting in English, here is a translation. Pardon my lousy English.

There’s a lot of talk about Bitcoin now. The exchange rate was recently over 1,000 dollars per Bitcoin.

One of many people who often write about Bitcoin being the future, is Rick Falkvinge. For example today [the ”today” when I wrote the original post]. The speed and the voluntary, low transaction fee are two often given reasons.

Bitcoin has many advantages, but it has also disadvantages, which I will write about here:

The anonymity that isn’t there

On many websites, in newspapers and on TV it is said that bitcoin is an anonymous type of transaction. That is true, since no personal information is needed to create an account. But the Bitcoin system is based on traceability.

All transactions are stored permanently in the ”block chain”, which is open for the public to look at. Everyone can see, citizen, business and intelligence agency alike, which bitcoins has been transferred, from what account they were transferred, to what account.they were transferred. The accounts are only identified by a random code, but if one has access to other information, such as what person had what IP address when the transaction was made, or a receipt , either a paper one or one online, that includes the account numbers, it is a trivial task to pair a certain transaction with a certain individual and a certain business, or with a certain pair of individuals.

Since every ”part” of a bitcoin has its own unique ID, one can trace exactly what money has gone where. If one sends a bitcoin around between twenty different accounts, and then to the payment receiver, it is still likely that the sender and receiver can be identified, since a constant sum has been moved around. Splitting it into parts of different sizes in every step is safer, but with the revelations of backdoors in lots of cryptography, it is likely that it’s still possible to track it.

Also, the most convenient way of paying in Bitcoin in a store, is with a smartphone. Both Google’s and Apple’s smartphones have time after time been proven to be about as leak-proof as a sieve. GPS positioning, user behaviour, wireless networks, and – as with all cell phones – positioning by the cellular grid. If this can be connected to the Bitcoin accounts, it’s full speed ahead for the surveillance people, both the ones in advertisement and the ones in the government’s service.

Cash wins here.

Regulation or ban

If bitcoin is widely accepted, and the problem with the lack of anonymity is solved, government regulation will be made instantaneously. When looking at regulation of the centralised digital payment solutions[from Sweden/EU perspective, I’m not sure how it is in the rest of the world], one can assume that making anonymous transfers with Bitcoin will become illegal, no matter if it’s technically possible or not, and because the responsibility is on citizens and not businesses, the punishment will be harsh.

If Bitcoin becomes big, many banks will go out of business since they will become unnecessary. The banks, that are mega businesses, will put an end to that through massive amounts of lobbying. Laws may be made, that completely prohibits the use of Bitcoin, and also in this case, very high penalties can be expected.

Governments also have an interest in banning Bitcoin if the anonymity is preserved, since it will be harder for them to get the taxes. And the bank lobbyists will blow that fact way up out of proportion.

When the first big country in the West, probably USA, prohibits or heavily regulates the use of Bitcoin, all others will quickly follow suit, and the Bitcoin value crashes to just about zero.

Hacking, with regards from the NSA

If regulation and bans would be unsuccessful, the NSA might have an ace up their sleeve. As mentioned, they have built backdoors, not in cryptography software, but in random number generators, so that cryptography from all software can be cracked.

Bitcoin is entirely based on cryptography.

Conclusion

Bitcoin is not a replacement for cash when anonymity is required, and because of how much one can find out about a person through what they buy and sell, anonymity is required for all transactions. The problem is just that the public hasn’t understood that yet, and probably won’t until it has an adverse effect on them. And by then, it’s too late. [link to page in Swedish]

Bitcoin may become illegal, and if that happens, all value in them will disappear. A reason as good as any, not to have too much value stored as Bitcoins.

If Bitcoin gets big, governments that can’t keep their noses out of peoples private lives will require that ID is registered everytime a transaction is made. As bad as todays systems, and with Bitcoin there is one more reason for them to abandon cash, and with it, all anonymity in transactions except for sheer goods-for-goods-or-services trading.

Bitcoin might be deliberately crashed by the NSA if it causes trouble for USA. Since USA is living on ”Monopoly money” it’s likely that Bitcoin will cause trouble for them. What is one plus one?